<?php

namespace app\http\middleware;
use app\backstage\model\Role;

class CheckAuth
{
    public function handle($request, \Closure $next)
    {   


        $ac = $request->controller().'/'.$request->action();  //获取当前请求的控制器、方法

        $role_id = $request->role_id; //登录中间件的传值 角色id
     
        $authList = Role::where('id',$role_id)->value('auth_list');
        

// dump($ac);
// dump($authList);die;

        if($authList){
            //验证权限
            $authList = json_decode($authList,true);
            
            $flag = in_array($ac,$authList);
         
        }else{
            $flag = false;
        }

    
        if(!$flag){
            if($request->isAjax()){
                return json(['code'=>103,'msg'=>'无权限操作']);
            }else{
                echo <<<DDD
                <script>
                    var index = parent.layer.getFrameIndex(window.name);
                    parent.layer.close(index);
                    parent.layer.msg("无权限操作", {icon: 5,time:1000});
                </script>
DDD;
            }
        }

        $request->admin_id=$request->admin_id;

//        dump($request);
      
        return $next($request);
    }
}
